Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/70546dc6e0acea7bc98b3ce948cf1e72c0c5768b (Fix some tab lifetime management issues in TabLifecycleUnitSource.).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/33e25ec306ba5e859127b8a776f3a0283367ca8c

commit 33e25ec306ba5e859127b8a776f3a0283367ca8c
Author: Sebastien Marchand <sebmarchand@chromium.org>
Date: Thu Mar 08 19:38:33 2018

Revert "Use LifecycleUnits for tab discarding."

This reverts commit 69feeeb961bfd9ad599d6a4c04433be9c7a8435c , as well as
 commit 182f8382d3dbec1d58cdff9d55d188f984625aa7 ("Fix 2 access violation
in resource_coordinator.")

There's also a few minor fixes to fix the presubmits:

- tab_manager_delegate_chromeos.cc:144 : Bind -> BindOnce
- tab_manager.cc: prepend the crbug urls with https://
- Fix a few minor revert conflicts caused by
    ddf2a4e4ae9966ceaaf7854226b8fcd007bfe953:
    - tab_manager.h: conflict in the "FRIEND_TEST_ALL_PREFIXES"
      declarations.
    - tab_manager_browsertest.cc: Conflict in the anonymous namespace
      at the top of the file.

TBR: thestig@chromium.org
Bug: 818454,  819973 , 820065
Change-Id: I7c6307859d565769d239ef43c30fb50e5a797467
Reviewed-on: https://chromium-review.googlesource.com/955923
Commit-Queue: Sébastien Marchand <sebmarchand@chromium.org>
Reviewed-by: Chris Hamilton <chrisha@chromium.org>
Cr-Commit-Position: refs/heads/master@{#541868}
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/BUILD.gn
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/browser_process_impl.cc
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/browser_process_impl.h
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/extensions/api/tabs/tabs_test.cc
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/discard_metrics_lifecycle_unit_observer.cc
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/discard_metrics_lifecycle_unit_observer_unittest.cc
[add] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/discard_metrics_util.cc
[add] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/discard_metrics_util.h
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/lifecycle_unit.h
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/lifecycle_unit_base_unittest.cc
[add] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_lifecycle_observer_browsertest.cc
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_lifecycle_unit.cc
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_lifecycle_unit.h
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_lifecycle_unit_external.cc
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_lifecycle_unit_external.h
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_lifecycle_unit_source.cc
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_lifecycle_unit_source_unittest.cc
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_manager.cc
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_manager.h
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_manager_browsertest.cc
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_manager_delegate_chromeos.cc
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_manager_delegate_chromeos.h
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_manager_delegate_chromeos_unittest.cc
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_manager_unittest.cc
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_manager_web_contents_data.cc
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_manager_web_contents_data.h
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_manager_web_contents_data_unittest.cc
[add] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_stats.cc
[add] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/resource_coordinator/tab_stats.h
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/browser/ui/webui/discards/discards_ui.cc
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/test/BUILD.gn
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/test/base/chrome_unit_test_suite.cc
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/test/base/testing_browser_process.cc
[modify] https://crrev.com/33e25ec306ba5e859127b8a776f3a0283367ca8c/chrome/test/base/testing_browser_process.h

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/eb12818ff7f26df953678eb93ab091a7921ed6e8

commit eb12818ff7f26df953678eb93ab091a7921ed6e8
Author: Sebastien Marchand <sebmarchand@chromium.org>
Date: Thu Mar 08 23:55:25 2018

Revert "Use LifecycleUnits for tab discarding."

This reverts commit 69feeeb961bfd9ad599d6a4c04433be9c7a8435c , as well as
 commit 182f8382d3dbec1d58cdff9d55d188f984625aa7 ("Fix 2 access violation
in resource_coordinator.")

There's also a few minor fixes to fix the presubmits:

- tab_manager_delegate_chromeos.cc:144 : Bind -> BindOnce
- tab_manager.cc: prepend the crbug urls with https://
- Fix a few minor revert conflicts caused by
    ddf2a4e4ae9966ceaaf7854226b8fcd007bfe953:
    - tab_manager.h: conflict in the "FRIEND_TEST_ALL_PREFIXES"
      declarations.
    - tab_manager_browsertest.cc: Conflict in the anonymous namespace
      at the top of the file.

(cherry picked from commit 33e25ec306ba5e859127b8a776f3a0283367ca8c)

Bug: 818454,  819973 , 820065
Change-Id: I7c6307859d565769d239ef43c30fb50e5a797467
Reviewed-on: https://chromium-review.googlesource.com/955923
Commit-Queue: Sébastien Marchand <sebmarchand@chromium.org>
Reviewed-by: Chris Hamilton <chrisha@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#541868}
Reviewed-on: https://chromium-review.googlesource.com/956290
Reviewed-by: Sébastien Marchand <sebmarchand@chromium.org>
Cr-Commit-Position: refs/branch-heads/3359@{#117}
Cr-Branched-From: 66afc5e5d10127546cc4b98b9117aff588b5e66b-refs/heads/master@{#540276}
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/BUILD.gn
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/browser_process_impl.cc
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/browser_process_impl.h
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/extensions/api/tabs/tabs_test.cc
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/discard_metrics_lifecycle_unit_observer.cc
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/discard_metrics_lifecycle_unit_observer_unittest.cc
[add] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/discard_metrics_util.cc
[add] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/discard_metrics_util.h
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/lifecycle_unit.h
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/lifecycle_unit_base_unittest.cc
[add] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_lifecycle_observer_browsertest.cc
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_lifecycle_unit.cc
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_lifecycle_unit.h
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_lifecycle_unit_external.cc
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_lifecycle_unit_external.h
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_lifecycle_unit_source.cc
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_lifecycle_unit_source_unittest.cc
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_manager.cc
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_manager.h
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_manager_browsertest.cc
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_manager_delegate_chromeos.cc
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_manager_delegate_chromeos.h
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_manager_delegate_chromeos_unittest.cc
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_manager_unittest.cc
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_manager_web_contents_data.cc
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_manager_web_contents_data.h
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_manager_web_contents_data_unittest.cc
[add] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_stats.cc
[add] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/resource_coordinator/tab_stats.h
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/browser/ui/webui/discards/discards_ui.cc
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/test/BUILD.gn
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/test/base/chrome_unit_test_suite.cc
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/test/base/testing_browser_process.cc
[modify] https://crrev.com/eb12818ff7f26df953678eb93ab091a7921ed6e8/chrome/test/base/testing_browser_process.h

ClusterFuzz has detected this issue as fixed in range 541800:541801.

Detailed report: https://clusterfuzz.com/testcase?key=5600140128419840

Fuzzer: inferno_twister
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  resource_coordinator::TabManager::PurgeBackgroundedTabsIfNeeded
  base::Timer::RunScheduledTask
  base::debug::TaskAnnotator::RunTask
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=541539:541544
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=541800:541801

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5600140128419840

Additional requirements: Requires HTTP

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5600140128419840 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot